There is another problem with using self extracting exe files, and that is they generally require some information to be input before they decrypt the content. You don’t know what they are going to do and there is no way of examining all their internals successfully with anti-virus to know if they are safe.
exe files or copy them onto their hard drives and then run them. But signing self extracting files on-the-fly for the average user is impractical.Īnd that is why corporate IT departments do not allow people to download self-extracting.
So Locklizard code is Authenticode signed so you can be sure it came from us and has not been altered. In fact it’s not so long ago that a Certification Authority had to shut down after finding that hackers had got hold of code signing certificates allowing them to appear to be Microsoft, amongst others. But this process is done by organizations that are in the business of developing and selling computer applications, and the control of the encryption technology used is guarded very carefully – nobody wants the situation where another organization could pretend to be them. It is correct that WinZip files CAN be digitally signed, but it has to be done by a separate process using Authenticode, which is normally used during application installation processes rather than when running an application program. The biggest hazard of the self extracting exe file is that until you have run it you have no way of knowing what it is actually going to do.
Self Extracting EXE Files & Security Security and the dangers of self extracting executables Security and the dangers of self extracting exe files to distribute PDF DRM